diff options
74 files changed, 1292 insertions, 99 deletions
diff --git a/kubernetes/aai b/kubernetes/aai -Subproject fa694e0feb325333cfffb7d7852aa97264f96b6 +Subproject a8c4e701f9c26038a9ac9f22d5dd95fd54ebc1c diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml index 1d1e4594da..cabe59f696 100644 --- a/kubernetes/common/cassandra/templates/backup/cronjob.yaml +++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml @@ -59,7 +59,7 @@ spec: curr_time=$1 echo "Clearing snapshots!!!" command="nodetool clearsnapshot -t $curr_time" - /app/exec.py -p "cassandra" -c "$command" + /app/exec.py -p "{{ include "common.name" . }}" -c "$command" } {{ $root := . }} curr_time=`date +%s` @@ -75,11 +75,11 @@ spec: echo "Executing cleanup!!" command="nodetool cleanup" - /app/exec.py -p "cassandra" -c "$command" + /app/exec.py -p "{{ include "common.name" . }}" -c "$command" echo "Cleaned Node!! Backing up database now!!!" command="nodetool snapshot -t $curr_time" - /app/exec.py -p "cassandra" -c "$command" + /app/exec.py -p "{{ include "common.name" . }}" -c "$command" retCode=$? if [ $retCode -ne 0 ]; then echo "Backup Failed!!!" diff --git a/kubernetes/common/common/templates/_name.tpl b/kubernetes/common/common/templates/_name.tpl index adbe2b6cf9..793fb3e07b 100644 --- a/kubernetes/common/common/templates/_name.tpl +++ b/kubernetes/common/common/templates/_name.tpl @@ -53,7 +53,7 @@ {{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}} {{/* when linted, the name must be lower cased. When used from a component, name should be overriden in order to avoid collision so no need to do it */}} - {{- if eq (printf "common/%s/templates" $name) $dot.Template.BasePath -}} + {{- if eq (printf "%s/templates" $name) $dot.Template.BasePath -}} {{- $name = lower $name -}} {{- end -}} {{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }} diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index 3d745ed819..dddd63491d 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -94,6 +94,7 @@ annotations: "version": "{{ default "v1" $msb_information.version }}", "url": "{{ default "/" $msb_information.url }}", "protocol": "{{ default "REST" $msb_information.protocol }}", + "enable_ssl": {{ default false $msb_information.enable_ssl }}, "port": "{{ $msb_information.port }}", "visualRange":"{{ default "1" $msb_information.visualRange }}" } diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index 9ce9b88644..1048811328 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -146,8 +146,7 @@ spec: - mountPath: /backup name: {{ include "common.fullname" $dot }}-backup readOnly: true - resources: -{{ include "common.resources" $dot | indent 12 }} + resources: {{ include "common.resources" $dot | nindent 12 }} {{- if $dot.Values.nodeSelector }} nodeSelector: {{ toYaml $dot.Values.nodeSelector | indent 10 }} diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml index fbc43c0768..b653ba1a41 100644 --- a/kubernetes/common/postgres/values.yaml +++ b/kubernetes/common/postgres/values.yaml @@ -125,21 +125,32 @@ service: ingress: enabled: false -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +flavor: small + +#resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# +# Example: +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +# Minimum memory for development is 2 CPU cores and 4GB memory +# Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 10m + memory: 90Mi + large: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + unlimited: {} diff --git a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml index 652acd5fa7..19d872fe12 100644 --- a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml +++ b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml @@ -570,7 +570,7 @@ </void> <void method="put"> <int>37</int> - <string>-477565695</string> + <string>-1501801709</string> </void> <void method="put"> <int>20037</int> @@ -810,7 +810,7 @@ </void> <void method="put"> <int>20011</int> - <boolean>true</boolean> + <boolean>false</boolean> </void> <void method="put"> <int>10011</int> @@ -842,7 +842,7 @@ </void> <void method="put"> <int>20013</int> - <boolean>true</boolean> + <boolean>false</boolean> </void> <void method="put"> <int>10013</int> diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index febb8a9624..6d5b2d508f 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -100,6 +100,10 @@ spec: value: {{ .Values.config.openStackVNFTenantId | quote }} - name: ONAP_CLOUDOWNER value: {{ .Values.config.cloudOwner }} + - name: ONAP_K8SCLOUDREGIONID + value: {{ .Values.config.k8sCloudRegionId }} + - name: ONAP_K8SCLOUDOWNER + value: {{ .Values.config.k8sCloudOwner }} - name: NBI_URL value: "https://nbi.{{ include "common.namespace" . }}:8443/nbi/api/v4" - name: SDC_HOST diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index 0f3fd1a352..58fa33611c 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -83,6 +83,8 @@ config: logstashServiceName: log-ls logstashPort: 5044 cloudOwner: CloudOwner + k8sCloudRegionId: k8sregionfour + k8sCloudOwner: k8scloudowner4 ecompInstanceId: OOM openStackRegion: RegionOne openStackVNFTenantId: 31047205ce114b60833b23e400d6a535 diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml index 1d9792fa5f..90fe5dd732 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: certInitializer version: ~6.x-0 repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml index 1538b47343..78c054bd28 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml @@ -122,13 +122,21 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: log.conf - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} - name: {{ include "common.name" . }}-nginx image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.nginx.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + args: + - "-c" + - | + grep -v '^$' /opt/bitnami/nginx/ssl/local/org.onap.oof.crt > /tmp/oof.crt + cat /tmp/oof.crt /tmp/intermediate_root_ca.pem /tmp/AAF_RootCA.cer >> /opt/bitnami/nginx/org.onap.oof.crt + /opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh ports: - containerPort: {{ .Values.service.internalPort }} {{- if .Values.liveness.enabled }} @@ -151,6 +159,12 @@ spec: - mountPath: /opt/bitnami/nginx/conf/nginx.conf name: {{ .Values.global.commonConfigPrefix }}-config subPath: nginx.conf + - mountPath: /tmp/AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer + - mountPath: /tmp/intermediate_root_ca.pem + name: {{ include "common.fullname" . }}-onap-certs + subPath: intermediate_root_ca.pem resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -176,7 +190,6 @@ spec: path: conductor.conf - key: log.conf path: log.conf - - key: AAF_RootCA.cer - path: AAF_RootCA.cer +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml index f19ecb61ee..b17eed6b2f 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml @@ -16,7 +16,16 @@ global: # global defaults nodePortPrefix: 302 image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 + +################################################################# +# secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' service: type: NodePort diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml index 1967814f63..1bb059b173 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml index 506ff939e3..53e053aa42 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml @@ -127,8 +127,8 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthy.sh - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -153,7 +153,6 @@ spec: path: log.conf - key: healthy.sh path: healthy.sh - - key: AAF_RootCA.cer - path: AAF_RootCA.cer +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml index 5fa0f2408e..327a537f41 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml @@ -16,7 +16,16 @@ global: readinessImage: onap/oom/readiness:3.0.1 repository: nexus3.onap.org:10001 image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml index 1967814f63..1bb059b173 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml index 2041dd2c9d..3ed74a048a 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml @@ -147,8 +147,8 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: aai_key.key - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -177,7 +177,6 @@ spec: path: aai_cert.cer - key: aai_key.key path: aai_key.key - - key: AAF_RootCA.cer - path: AAF_RootCA.cer +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml index 5fa0f2408e..570c0df5b2 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml @@ -16,7 +16,16 @@ global: readinessImage: onap/oom/readiness:3.0.1 repository: nexus3.onap.org:10001 image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 + +################################################################# +# secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml index 1967814f63..1bb059b173 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml index 10bba9f61e..4f5067db12 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml @@ -141,8 +141,8 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthy.sh - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -167,8 +167,6 @@ spec: path: log.conf - key: healthy.sh path: healthy.sh - - key: AAF_RootCA.cer - path: AAF_RootCA.cer - +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml index 5fa0f2408e..570c0df5b2 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml @@ -16,7 +16,16 @@ global: readinessImage: onap/oom/readiness:3.0.1 repository: nexus3.onap.org:10001 image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 + +################################################################# +# secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml index 1967814f63..1bb059b173 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml index 55c9d362e4..d1e4946ae1 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml @@ -141,8 +141,8 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthy.sh - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -167,7 +167,6 @@ spec: path: log.conf - key: healthy.sh path: healthy.sh - - key: AAF_RootCA.cer - path: AAF_RootCA.cer +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml index 5fa0f2408e..570c0df5b2 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml @@ -16,7 +16,16 @@ global: readinessImage: onap/oom/readiness:3.0.1 repository: nexus3.onap.org:10001 image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 + +################################################################# +# secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/resources/config/AAF_RootCA.cer b/kubernetes/oof/components/oof-has/resources/config/AAF_RootCA.cer deleted file mode 100755 index e9a50d7ea0..0000000000 --- a/kubernetes/oof/components/oof-has/resources/config/AAF_RootCA.cer +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV -BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx -NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK -DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 -XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn -H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM -pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 -NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg -2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY -wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd -ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM -P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 -aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY -PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G -A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ -UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN -BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz -L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 -7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx -c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf -jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 -RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h -PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF -CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ -Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A -cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR -ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX -dYY= ------END CERTIFICATE----- diff --git a/kubernetes/oof/components/oof-has/resources/config/nginx.conf b/kubernetes/oof/components/oof-has/resources/config/nginx.conf index a6790164d8..cbb1b60a58 100644 --- a/kubernetes/oof/components/oof-has/resources/config/nginx.conf +++ b/kubernetes/oof/components/oof-has/resources/config/nginx.conf @@ -13,9 +13,9 @@ http { listen 8091 ssl; server_name oof; - ssl_certificate /opt/bitnami/nginx/ssl/local/org.onap.oof.crt; + ssl_certificate /opt/bitnami/nginx/org.onap.oof.crt; ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; location / { diff --git a/kubernetes/oof/components/oof-has/templates/secret.yaml b/kubernetes/oof/components/oof-has/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml index c7799cdc02..ffd11db2dd 100755 --- a/kubernetes/oof/components/oof-has/values.yaml +++ b/kubernetes/oof/components/oof-has/values.yaml @@ -23,11 +23,21 @@ global: repository: nexus3.onap.org:10001 commonConfigPrefix: onap-oof-has image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 filebeat: docker.elastic.co/beats/filebeat:5.5.0 persistence: enabled: true +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs' + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + pullPolicy: Always nodePortPrefix: 302 dataRootDir: /dockerdata-nfs @@ -70,12 +80,17 @@ resources: #component overrides oof-has-api: enabled: true + certSecret: *oof-certs oof-has-controller: enabled: true + certSecret: *oof-certs oof-has-data: enabled: true + certSecret: *oof-certs oof-has-reservation: enabled: true + certSecret: *oof-certs oof-has-solver: enabled: true + certSecret: *oof-certs diff --git a/kubernetes/oof/components/oof-templates/Chart.yaml b/kubernetes/oof/components/oof-templates/Chart.yaml new file mode 100755 index 0000000000..885491c1a9 --- /dev/null +++ b/kubernetes/oof/components/oof-templates/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T,VMware +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP OOF helm templates +name: oof-templates +version: 6.0.0 diff --git a/kubernetes/oof/components/oof-templates/requirements.yaml b/kubernetes/oof/components/oof-templates/requirements.yaml new file mode 100755 index 0000000000..b93260a4fa --- /dev/null +++ b/kubernetes/oof/components/oof-templates/requirements.yaml @@ -0,0 +1,20 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T,VMware +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + diff --git a/kubernetes/oof/components/oof-templates/templates/_certificate.tpl b/kubernetes/oof/components/oof-templates/templates/_certificate.tpl new file mode 100644 index 0000000000..4da128bcbb --- /dev/null +++ b/kubernetes/oof/components/oof-templates/templates/_certificate.tpl @@ -0,0 +1,11 @@ +{{- define "oof.certificate.volume" -}} +- name: {{ include "common.fullname" . }}-onap-certs + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "oof-onap-certs") }} + items: + - key: aaf_root_ca.cer + path: aaf_root_ca.cer + - key: intermediate_root_ca.pem + path: intermediate_root_ca.pem +{{- end -}} + diff --git a/kubernetes/oof/components/oof-templates/values.yaml b/kubernetes/oof/components/oof-templates/values.yaml new file mode 100644 index 0000000000..a97238e9af --- /dev/null +++ b/kubernetes/oof/components/oof-templates/values.yaml @@ -0,0 +1,14 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + diff --git a/kubernetes/oof/requirements.yaml b/kubernetes/oof/requirements.yaml index ebd2d8ffee..2d1f9b3596 100755 --- a/kubernetes/oof/requirements.yaml +++ b/kubernetes/oof/requirements.yaml @@ -28,3 +28,6 @@ dependencies: version: ~6.x-0 repository: 'file://components/oof-has' condition: oof-has.enabled + - name: oof-templates + version: ~6.x-0 + repository: 'file://components/oof-templates' diff --git a/kubernetes/oof/resources/config/aaf_root_ca.cer b/kubernetes/oof/resources/config/certs/aaf_root_ca.cer index e9a50d7ea0..e9a50d7ea0 100755 --- a/kubernetes/oof/resources/config/aaf_root_ca.cer +++ b/kubernetes/oof/resources/config/certs/aaf_root_ca.cer diff --git a/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem b/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem new file mode 100644 index 0000000000..b67866d160 --- /dev/null +++ b/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB +RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN +MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG +A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL +neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d +o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 +nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV +v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO +15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw +gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV +M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q +ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl +u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ ++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ +QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht +8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX +kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 +aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky +uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w +tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep +BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= +-----END CERTIFICATE----- + diff --git a/kubernetes/oof/resources/config/common_config.yaml b/kubernetes/oof/resources/config/conf/common_config.yaml index 7e8fe5dc72..1109ab8167 100644 --- a/kubernetes/oof/resources/config/common_config.yaml +++ b/kubernetes/oof/resources/config/conf/common_config.yaml @@ -5,7 +5,7 @@ osdf_system: external: 8698 # clients use this port on DockerHost osdf_ip_default: 0.0.0.0 # # Important Note: At deployment time, we need to ensure the port mapping is done - ssl_context: ['/opt/osdf/osaaf/local/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key'] + ssl_context: ['/opt/osdf/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key'] osdf_temp: # special configuration required for "workarounds" or testing local_policies: @@ -67,6 +67,9 @@ references: resource_sharing_level: source: request value: serviceProfile.resourceSharingLevel + slice_scope: + source: request + value: slice_scope reuse_preference: source: request value: preferReuse @@ -86,10 +89,11 @@ policy_info: policy_scope: - scope: - - get_param: resource_sharing_level - - get_param: reuse_preference + - get_param: slice_scope services: - get_param: service_name + resources: + - get_param: service_name subnet_selection: policy_fetch: by_scope @@ -98,6 +102,8 @@ policy_info: - OSDF_GUILIN services: - get_param: service_name + resources: + - get_param: service_name placement: policy_fetch: by_scope diff --git a/kubernetes/oof/resources/config/log.yml b/kubernetes/oof/resources/config/conf/log.yml index 3966ea28c0..3966ea28c0 100644 --- a/kubernetes/oof/resources/config/log.yml +++ b/kubernetes/oof/resources/config/conf/log.yml diff --git a/kubernetes/oof/resources/config/osdf_config.yaml b/kubernetes/oof/resources/config/conf/osdf_config.yaml index 5c9aa2bb64..5c9aa2bb64 100755 --- a/kubernetes/oof/resources/config/osdf_config.yaml +++ b/kubernetes/oof/resources/config/conf/osdf_config.yaml diff --git a/kubernetes/oof/templates/configmap.yaml b/kubernetes/oof/templates/configmap.yaml index 75f7e42277..7176f138c9 100644 --- a/kubernetes/oof/templates/configmap.yaml +++ b/kubernetes/oof/templates/configmap.yaml @@ -24,4 +24,4 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/conf/*").AsConfig . | indent 2 }} diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml index 76d1a62604..cbf4156d23 100644 --- a/kubernetes/oof/templates/deployment.yaml +++ b/kubernetes/oof/templates/deployment.yaml @@ -73,6 +73,14 @@ spec: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + args: + - "-c" + - | + grep -v '^$' /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt + cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt + ./osdfapp.sh -x osdfapp.py ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -99,8 +107,11 @@ spec: name: {{ include "common.fullname" . }}-config subPath: osdf_config.yaml - mountPath: /opt/app/ssl_cert/aaf_root_ca.cer - name: {{ include "common.fullname" . }}-config + name: {{ include "common.fullname" . }}-onap-certs subPath: aaf_root_ca.cer + - mountPath: /opt/app/ssl_cert/intermediate_root_ca.pem + name: {{ include "common.fullname" . }}-onap-certs + subPath: intermediate_root_ca.pem - mountPath: /opt/osdf/config/common_config.yaml name: {{ include "common.fullname" . }}-config subPath: common_config.yaml @@ -129,11 +140,10 @@ spec: items: - key: osdf_config.yaml path: osdf_config.yaml - - key: aaf_root_ca.cer - path: aaf_root_ca.cer - key: common_config.yaml path: common_config.yaml - key: log.yml path: log.yml +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/templates/secret.yaml b/kubernetes/oof/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index 0dc035494b..bce02d42b1 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -21,12 +21,25 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 persistence: {} + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs' + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: + - resources/config/certs/intermediate_root_ca.pem + - resources/config/certs/aaf_root_ca.cer + ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/optf-osdf:3.0.0 +image: onap/optf-osdf:3.0.1 pullPolicy: Always # flag to enable debugging - application support required @@ -161,3 +174,4 @@ oof-cmso: enabled: true oof-has: enabled: true + certSecret: *oof-certs diff --git a/kubernetes/policy/components/policy-distribution/resources/config/config.json b/kubernetes/policy/components/policy-distribution/resources/config/config.json index 9b9a7a5a93..8d31575a3f 100755 --- a/kubernetes/policy/components/policy-distribution/resources/config/config.json +++ b/kubernetes/policy/components/policy-distribution/resources/config/config.json @@ -54,7 +54,7 @@ "parameters":{ "asdcAddress": "sdc-be:8443", "messageBusAddress": [ - "message-router" + "message-router.{{ include "common.namespace" . }}" ], "user": "${SDCBE_USER}", "password": "${SDCBE_PASSWORD}", diff --git a/kubernetes/robot b/kubernetes/robot -Subproject 34913f2223539640c81ae9e7a65744a09a95c9c +Subproject da28d1cdc573a726d3fc8a19638ebc8b3679295 diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index b825b703b4..03b6db066a 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -104,12 +104,13 @@ service: name: sdc-be both_tls_and_plain: true msb: - - port: 8080 + - port: 8443 url: "/sdc/v1" version: "v1" protocol: "REST" visualRange: "1" serviceName: sdc + enable_ssl: true - port: 8080 url: "/sdc/v1" version: "v1" diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index 4cd0597e10..f6e0376067 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -53,7 +53,7 @@ config: logstashPort: 5044 environment: workflowUrl: 10.0.2.15 - vnfRepoPort: 8702 + vnfRepoPort: 8703 #Used only if localCluster is enabled. Instantiates SDC's own cassandra cluster cassandra: diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml index 028b698657..4429bd9f46 100755 --- a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml @@ -106,6 +106,11 @@ mso: endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage nssmf: endpoint: http://so-nssmf-adapter.{{ include "common.namespace" . }}:8088 + oof: + endpoint: http://so-oof-adapter.{{ include "common.namespace" . }}:8090/so/adapters/oof/v1 + timeout: PT5M + callback: + endpoint: http://so-oof-adapter.{{ include "common.namespace" . }}:8090/so/adapters/oof/callback/v1 bpmn: process: historyTimeToLive: '30' diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/Chart.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/Chart.yaml new file mode 100644 index 0000000000..c4fb9a49d5 --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP SO ETSI NFVO NS LCM +name: so-etsi-nfvo-ns-lcm +version: 6.0.0 diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml new file mode 100644 index 0000000000..64fd243a27 --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml @@ -0,0 +1,47 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +aai: + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} + version: v19 + endpoint: https://aai.{{ include "common.namespace" . }}:8443 +spring: + security: + usercredentials: + - username: ${ETSI_NFVO_USERNAME} + password: ${ETSI_NFVO_PASSWORD} + role: ETSI-NFVO-Client +server: + port: {{ .Values.containerPort }} + tomcat: + max-threads: 50 +mso: + key: {{ .Values.mso.key }} +so: + adapters: + sol003-adapter: + url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1 + auth: {{ .Values.so.sol003.adapter.auth }} +etsi-catalog-manager: + base: + {{- if .Values.global.msbEnabled }} + endpoint: https://msb-iag:443/api + http: + client: + ssl: + trust-store: ${TRUSTSTORE} + trust-store-password: ${TRUSTSTORE_PASSWORD} + {{- else }} + endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api + {{- end }} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml new file mode 100644 index 0000000000..97f7d4e71d --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml @@ -0,0 +1,41 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml new file mode 100644 index 0000000000..fbba76f13f --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml @@ -0,0 +1,86 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} + containers: + - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - | + export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'` + {{- if .Values.global.aafEnabled }} + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + {{- end }} + ./start-app.sh + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + env: + - name: ETSI_NFVO_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "login") | indent 14 }} + - name: ETSI_NFVO_PASSWORD_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }} + {{ include "so.certificates.env" . | indent 12 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + - name: {{ include "common.fullname" . }}-truststore + mountPath: /app/client + readonly: true + livenessProbe: + tcpSocket: + port: {{ index .Values.livenessProbe.port }} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + ports: {{ include "common.containerPorts" . | nindent 12 }} + volumes: {{ include "so.certificate.volumes" . | nindent 8 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-truststore + secret: + secretName: {{ include "common.release" . }}-so-truststore-secret + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/ingress.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/ingress.yaml new file mode 100644 index 0000000000..443e76b76e --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/ingress.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.ingress" . }} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/secret.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/secret.yaml new file mode 100644 index 0000000000..493cfe5f88 --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/service.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/service.yaml new file mode 100644 index 0000000000..a1290de24b --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml new file mode 100644 index 0000000000..79a8276df4 --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml @@ -0,0 +1,146 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst + persistence: + mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: etsi-nfvo-nslcm-creds + name: '{{ include "common.release" . }}-so-etsi-nfvo-nslcm-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.etsi.nfvo.nslcm.credsExternalSecret) . }}' + login: '{{ .Values.etsi.nfvo.nslcm.username }}' + password: '{{ .Values.etsi.nfvo.nslcm.password }}' + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/so-etsi-nfvo-ns-lcm:1.7.4 +pullPolicy: Always + +aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 +etsi: + nfvo: + nslcm: + username: so-etsi-nfvo-ns-lcm +mso: + key: 07a7159d3bf51a0e53be7a8f89699be7 +so: + sol003: + adapter: + auth: Basic dm5mbTpwYXNzd29yZDEk + +replicaCount: 1 +minReadySeconds: 10 +containerPort: &containerPort 9095 +logPath: ./logs/so-etsi-nfvo-ns-lcm/ +app: so-etsi-nfvo-ns-lcm +service: + type: ClusterIP + name: so-etsi-nfvo-ns-lcm + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true' + msb.onap.org/service-info: | + {{ if not .Values.global.msbDisabled -}}[ + { + "serviceName": "{{ include "common.servicename" . }}", + "version": "v1", + "url": "/so/so-etsi-nfvo-ns-lcm/v1", + "protocol": "REST", + "port": "{{ include "common.getPort" (dict "global" . "name" "nfvo-nslcm-port") }}", + "visualRange":"1" + } + ]{{ end }} + ports: + - name: http-api + port: *containerPort +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-nfvo-cert-init + certInitializer: + nameOverride: so-nfvo-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.nfvoAdapterPerm + containerPort: *containerPort + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} + +livenessProbe: + port: 9095 + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + +ingress: + enabled: false + service: + - baseaddr: 'soetsinfvonslcm' + name: 'so-etsi-nfvo-ns-lcm' + port: 9095 + config: + ssl: 'redirect' + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh index a8f772b947..05b1ff70cf 100755 --- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh @@ -23,6 +23,13 @@ echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1 +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" +} + +DB_PASSWORD=`prepare_password $DB_PASSWORD` + mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 DROP USER IF EXISTS '${DB_USER}'; CREATE USER '${DB_USER}'; diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh index adb28fe8e6..593739e1cf 100755 --- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh @@ -23,6 +23,13 @@ echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1 +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" +} + +DB_ADMIN_PASSWORD=`prepare_password $DB_ADMIN_PASSWORD` + mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 DROP USER IF EXISTS '${DB_ADMIN}'; CREATE USER '${DB_ADMIN}'; diff --git a/kubernetes/so/components/so-oof-adapter/Chart.yaml b/kubernetes/so/components/so-oof-adapter/Chart.yaml new file mode 100755 index 0000000000..cce161a8cd --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: so-oof-adapter +version: 6.0.0 diff --git a/kubernetes/so/components/so-oof-adapter/requirements.yaml b/kubernetes/so/components/so-oof-adapter/requirements.yaml new file mode 100644 index 0000000000..036860d012 --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/requirements.yaml @@ -0,0 +1,24 @@ +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..9aafd4f322 --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml @@ -0,0 +1,58 @@ +{{/* +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +logging: + path: logs +spring: + security: + usercredentials: + - username: ${BPEL_USERNAME} + password: ${BPEL_PASSWORD} + role: BPEL-Client + - username: ${ACTUATOR_USERNAME} + password: ${ACTUATOR_PASSWORD} + role: ACTUATOR +server: + port: {{ index .Values.containerPort }} + tomcat: + max-threads: 50 + +mso: + site-name: localSite + logPath: ./logs/oof + msb-ip: msb-iag.{{ include "common.namespace" . }} + msb-port: 80 + msoKey: ${MSO_KEY} + camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081 + camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.camundaAuth )}} + workflow: + message: + endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage + oof: + auth: ${OOF_LOGIN}:${OOF_PASSWORD} + endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698 +#Actuator +management: + endpoints: + web: + base-path: /manage + exposure: + include: "*" + metrics: + se-global-registry: false + export: + prometheus: + enabled: true # Whether exporting of metrics to Prometheus is enabled. + step: 1m # Step size (i.e. reporting frequency) to use. diff --git a/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml b/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml new file mode 100755 index 0000000000..da5fda9c42 --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml @@ -0,0 +1,50 @@ +{{/* +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml new file mode 100755 index 0000000000..f2eae394e7 --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml @@ -0,0 +1,109 @@ +{{/* +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: {{- include "common.labels" . | nindent 8 }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: +{{ include "common.resources" . | indent 10 }} + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.port + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + - name: MSO_KEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-adapter-mso-key" "key" "password") | indent 10 }} + - name: OOF_LOGIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "login") | indent 10 }} + - name: OOF_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "password") | indent 10 }} + {{ include "so.certificates.env" . | indent 8 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap +{{ include "so.helpers.livenessProbe" .| indent 8 }} + ports: {{- include "common.containerPorts" . | nindent 12 }} + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-oof-adapter/templates/secret.yaml b/kubernetes/so/components/so-oof-adapter/templates/secret.yaml new file mode 100644 index 0000000000..31e0ab6a16 --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/templates/secret.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-oof-adapter/templates/service.yaml b/kubernetes/so/components/so-oof-adapter/templates/service.yaml new file mode 100755 index 0000000000..a4df54737c --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/templates/service.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ include "common.service" . }} diff --git a/kubernetes/so/components/so-oof-adapter/values.yaml b/kubernetes/so/components/so-oof-adapter/values.yaml new file mode 100755 index 0000000000..e6b96a6b8f --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/values.yaml @@ -0,0 +1,143 @@ +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst + persistence: + mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= +# Secrets metaconfig +################################################################# +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + - uid: oof-adapter-mso-key + type: password + externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}' + password: '{{ .Values.mso.msoKey }}' + - uid: oof-auth + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.mso.oof.authSecret) . }}' + login: '{{ .Values.mso.oof.login }}' + password: '{{ .Values.mso.oof.password }}' + passwordPolicy: required + + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/so-oof-adapter:1.7.2 +pullPolicy: Always + +mso: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + oof: + login: test + password: testpwd + +replicaCount: 1 +containerPort: &containerPort 8090 +minReadySeconds: 10 +containerPort: *containerPort +logPath: ./logs/oof/ +app: so-oof-adapter +service: + type: ClusterIP + ports: + - name: api + port: *containerPort +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + + +soHelpers: + nameOverride: so-oof-adapter-cert-init + certInitializer: + nameOverride: so-oof-adapter-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.oofadapterPerm + containerPort: *containerPort + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + path: /manage/health + port: *containerPort + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml index 66e16a9562..82cf3e927f 100755 --- a/kubernetes/so/requirements.yaml +++ b/kubernetes/so/requirements.yaml @@ -40,6 +40,10 @@ dependencies: version: ~6.x-0 repository: 'file://components/so-db-secrets' condition: so-etsi-nfvo-ns-lcm.enabled + - name: so-etsi-nfvo-ns-lcm + version: ~6.x-0 + repository: 'file://components/so-etsi-nfvo-ns-lcm' + condition: so-etsi-nfvo-ns-lcm.enabled - name: so-mariadb version: ~6.x-0 repository: 'file://components/so-mariadb' @@ -51,6 +55,10 @@ dependencies: version: ~6.x-0 repository: 'file://components/so-nssmf-adapter' condition: so-nssmf-adapter.enabled + - name: so-oof-adapter + version: ~6.x-0 + repository: 'file://components/so-oof-adapter' + condition: so-oof-adapter.enabled - name: so-openstack-adapter version: ~6.x-0 repository: 'file://components/so-openstack-adapter' diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 8c31e71040..0d3b3927ec 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -109,6 +109,16 @@ secrets: type: generic filePaths: - resources/config/certificates/msb-ca.crt + - uid: "mso-key" + name: &mso-key '{{ include "common.release" . }}-mso-key' + type: password + password: '{{ .Values.global.app.msoKey }}' + - uid: mso-oof-auth + name: &mso-oof-auth '{{ include "common.release" . }}-mso-oof-auth' + type: basicAuth + login: '{{ .Values.mso.oof.login }}' + password: '{{ .Values.mso.oof.password }}' + passwordPolicy: required aafConfig: permission_user: 1000 @@ -225,6 +235,9 @@ mso: auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24 aai: auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F + oof: + login: test + password: testpwd so: operationalEnv: dmaap: @@ -246,6 +259,9 @@ so-catalog-db-adapter: db: <<: *dbSecrets +so-etsi-nfvo-ns-lcm: + enabled: true + so-monitoring: enabled: true db: @@ -282,6 +298,16 @@ so-nssmf-adapter: db: <<: *dbSecrets +so-oof-adapter: + enabled: true + db: + <<: *dbSecrets + mso: + msoKeySecret: *mso-key + camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A + oof: + authSecret: *mso-oof-auth + so-vnfm-adapter: enabled: true diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml index ae83c05d29..cc8d682acd 100644 --- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml @@ -28,7 +28,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/nfvo/svnfm/huawei:1.3.6 +image: onap/vfc/nfvo/svnfm/huawei:1.3.8 pullPolicy: Always #Istio sidecar injection policy |